That the documentation should reflect this limitation, because according to [1] forwarding audit logs to the internal elasticsearch is a valid and supported configuration, but doesn't seem to work reliably when setting the log policy to WriteRequestBodies or AllRequestBodies as per [2].

[1] https://docs.openshift.com/container-platform/4.9/logging/config/cluster-logging-log-store.html#cluster-logging-elasticsearch-audit_cluster-logging-store
[2] https://docs.openshift.com/container-platform/4.9/security/audit-log-policy-config.html

These limitations should be mentioned in document also.